Two thirds of second hand memory cards have recoverable data from previous owners, study finds

Researchers from the University of Hertfordshire in the UK recently did a study on the data that can be found from second-hand memory cards. They found that almost two-thirds of the memory cards had data belonging to the previous owner which could be recovered.

For this study, the researchers purchased 100 second-hand SD and MicroSD cards from eBay, auctions, second-hand shops and other sources over a period of 4 months.

Intimate photos, pornography, personal documents recovered

The researchers first created a bit by bit image of the memory cards acquired and then used freely available software to recover any data from the card.

Out of the 100 cards tested, 36 had not even deleted previous files at all. 29 cards had been formatted and 2 cards had their data deleted, but it was all easily recoverable. Only 25 out of 100 cards had their data erased irrevocably by a program that overwrites files repeatedly.

The results are interesting and also a bit worrisome. The researchers were able to recover personal data including intimate photos, selfies, passport copies, contact lists, navigation files, pornography, resumes, browsing history, identification numbers, and other documents.

Just deleting files isn’t enough

Hertfordshire’s Professor of cybersecurity, Dr Andrew Jones, said, “Despite the ongoing media focus on cybercrime and the security of personal data, it is clear from our research that the majority are still not taking adequate steps to remove all data from memory cards before sales.”

Dr Jones particularly raised alarm regarding the sensitivity of sat-nav data that they found, which can reveal the previous user’s whereabouts, their address and where they work.

The study was commissioned by a company Comparitech.com. The Privacy Advisor for Comparitech, Paul Bischoff said, “Often the problem is not that people don’t wipe their SD cards; it’s that they don’t do it properly,”

According to Bischoff, “Simply deleting a file from a device only removes the reference that points to where a computer could find that file in the card memory. It doesn’t actually delete the ones and zeros that make up the file,”

He went on to point out, “That data remains on the card until it is overwritten by something else. For this reason, it’s not enough to just highlight all the files in a memory card and hit the delete key. Retired cards need to be fully erased and reformatted.”

There is open source software built precisely to erase your files from memory cards by overwriting the data. This method is recommended for all storage devices, including hard drives and internal storage on smartphones.

Similar Research Findings

The research by the University of Hertfordshire is not the first of its kind. A 2010 study revealed that 50% second-hand phones still have the previous owner’s data.

A 2012 report found that 1 in 10 second-hand hard drives had retrievable data. A similar 2015 study reported that three-quarters of all hard drives had some data from previous users.

It is clear from all of these studies that we still have a long way to go in terms of education and expertise regarding data security and protection of digital privacy.